Mobile Application Security

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. Secure today's mobile devices and applicationsImplement a systematic approach to security in your mobile application development with help from this practical guide. Featuring case studies, code examples, and best practices, Mobile Application Security details how to protect against vulnerabilities in the latest smartphone and PDA platforms. Maximize isolation, lockdown internal and removable storage, work with sandboxing and signing, and encrypt sensitive user information. Safeguards against viruses, worms, malware, and buffer overflow exploits are also covered in this comprehensive resource. Design highly isolated, secure, and authenticated mobile applications Use the Google Android emulator, debugger, and third-party security tools Configure Apple iPhone APIs to prevent overflow and SQL injection attacks Employ private and public key cryptography on Windows Mobile devices Enforce fine-grained security policies using the BlackBerry Enterprise Server Plug holes in Java Mobile Edition, SymbianOS, and WebOS applications Test for XSS, CSRF, HTTP redirects, and phishing attacks on WAP/Mobile HTML applications Identify and eliminate threats from Bluetooth, SMS, and GPS services Himanshu Dwivedi is a co-founder of iSEC Partners (www.isecpartners.com), an information security firm specializing in application security. Chris Clark is a principal security consultant with iSEC Partners. David Thiel is a principal security consultant with iSEC Partners.

Table of Contents:
Part I: Mobile Platforms; Chapter 1. Top Mobile Issues and Development Strategies; Chapter 2. Android Security; Chapter 3. The Apple iPhone; Chapter 4. Windows Mobile Security; Chapter 5. BlackBerry Security; Chapter 6. Java Mobile Edition Security; Chapter 7. SymbianOS Security; Chapter 8. WebOS Security;Part II: Mobile Services; Chapter 9. WAP and Mobile HTML Security; Chapter 10. Bluetooth Security; Chapter 11. SMS Security; Chapter 12. Mobile Geolocation; Chapter 13. Enterprise Security on the Mobile OS; Part III: Appendices; Appendix A. Mobile Malware; Appendix B. Mobile Security Penetration Testing Tools; Index

About the Author :
Himanshu Dwivedi is a co-founder of iSEC Partners (www.isecpartners.com), an information security firm specializing in application security. At iSEC, Himanshu manages the firm’s product development efforts and co-manages the sales and marketing programs. Himanshu is also a renowned industry author with six security books published, including Mobile Application Security (McGraw Hill/Osborne), Hacking VoIP (No Starch Press), Hacking Exposed: Web 2.0 (McGraw Hill/Osborne), Hacker’s Challenge 3 (McGraw Hill/Osborne), Securing Storage (Addison Wesley), and Implementing SSH (Wiley). In addition to the books, Himanshu also has a patent pending on Fibre Channel security. Before starting iSEC Partners, Himanshu was the Regional Technical Director at @stake, Inc. Chris Clark is a principal security consultant at iSEC Partners, where he writes tools, performs penetration tests, and serves as a Windows and Mobile expert. Throughout his software career, Chris has focused exclusively on security, and has assisted several large companies in designing and developing secure software. He has led several teams through implementation of the Security Development Lifecycle (SDL) and the initial bootstrapping process required to develop secure products. By working on server, client, and hosted web applications, Chris has amassed a broad range of security experience. Before joining iSEC, Chris worked for Microsoft where he was responsible for ensuring the security of a both a large-scale payment system and a widely deployed enterprise management product. Chris has presented on security at RSA 2009, NY/NJ and Seattle OWASP chapter meetings, the SOA Executive Forum, and as a trainer at Blackhat Federal where he collaborated with Immunity and Microsoft to deliver the Defend-the-Flag training. In addition to public speaking, Chris has developed and delivered several trainings to both management teams and engineers working to develop more secure products. David Thiel is a Principal Security Consultant with iSEC Partners, Inc. He has over 12 years of computer security experience, auditing and designing security infrastructure in the electronic commerce, government, aerospace and online wagering industries. Areas of expertise are web application penetration testing, network protocols, fuzzing, UNIX, and MacOS X. Research interests include mobile and embedded device exploitation, media software vulnerabilities, and attack vectors in emerging web application technologies. He has presented research and security topics at Black Hat USA, Black Hat EU, DEFCON, PacSec and Syscan, and is a contributor to the FreeBSD project.